In December 2020 the US federal government saw the fallout of the longest (9 months) and largest (200+ organizations world wide) cyber espionage and data breach in US history-the likely perpetrator of this event, hackers sponsored by the Russian Foreign Intelligence Agency (SVR). Cyber criminals, including state sponsored attackers, are always searching for ways to break inâ¦ways to attack us...ways to disable our armed forces and government. Nowhere could the stakes be higher than with the safety and continued operations of the warfighter and their ability to protect the United States. USAF and other armed forces remain highly vulnerable to these disabling attacks through their own unprotected, unmanaged, unmonitored devices on their networks such as networked printers and other internet of things devices. While these devices have built-in security features to shield USAF networks from penetration, they are often not enabled, managed or maintained, turning these devices into wide open doors for hackers to walk through. Printers in print fleets, despite having sometimes as many as 300 security controls built-in, have been put on USAF networks without being properly configured for security. Printers are the second most prevalent information technology (IT) asset type on all networks, they are the most technologically advanced networked device, but they are also the least protected and most vulnerable networked device. The typical printer on a USAF network is set to factory defaults of 40-60 open ports, a published password that any state sponsored criminal can look up on the internet, and is unmanaged from a security standpoint leaving the USAF open and exposed. Symphion recognized this world-wide cyber security gap and has designed advanced software and processes to address it. Symphion is commercially delivering its solution throughout the US to prevent (shield) these vulnerable devices, networks and businesses from cyber attack by establishing and maintaining security configuration of their already built-in security features, updating firmware and managing each device throughout its lifecycle with advanced automation. For instance, 4 of the top 6 worldwide printer manufacturers have turned to Symphion to establish and enforce security configuration management across their customersâ print fleets. With respect to hardening to DoD standards, Symphion has the DISA STIG and NIST security configuration standards built-in to its software and is currently commercially delivering these solutions to healthcare systems. Symphionâs SBIR proposal is to adapt its commercially successful solution to meet USAF classified, non-classified, and civilian needs to fill this known cyber security gap first for network printers then to address other networked IoT devices such as cameras, industrial controls and critical infrastructure systems. Symphion will accomplish this through adapting its software and current remote delivery model to meet DoD stand
